Generative Adversarial Networks for Black-Box API Attacks with Limited Training Data

01/25/2019
by Yi Shi, et al.

As online systems based on machine learning are offered to the public or to paid subscribers via application programming interfaces (APIs), they become exposed to frequent exploits and attacks. This paper studies adversarial machine learning in the practical case where API calls are rate limited. The adversary launches an exploratory (inference) attack by querying the API of an online machine learning system (in particular, a classifier) with input data samples, collecting the returned labels to build up training data, and training an adversarial classifier that is functionally equivalent and statistically close to the target classifier. With limited training data, the exploratory attack is shown to fail to reliably infer the target classifier of a real text classifier API that is available online to the public. To address this, a generative adversarial network (GAN) based on deep learning is built to generate synthetic training data from a limited number of real training samples, thereby extending the training data and improving the performance of the inferred classifier. The exploratory attack then provides the basis for a causative attack (which aims to poison the training process) and an evasion attack (which aims to fool the classifier into making wrong decisions), by selecting training and test data samples, respectively, based on the confidence scores obtained from the inferred classifier. These stealthy attacks with a small footprint (a small number of API calls) make adversarial machine learning practical in the realistic case where the adversary has only limited training data.
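The pipeline the abstract describes (harvest labels through a rate-limited API, train a surrogate, then use the surrogate's confidence scores to pick samples for the follow-on attack) is easy to see on a toy. The block below is an added illustration written for this page, not the authors' code: the target "text classifier" is a constructed hidden linear bag-of-words model, the vocabulary, weights, query budget and random query documents are all assumptions, and the GAN augmentation step of the paper is not implemented here (a surrogate trained only on the harvested labels). `target_label` is the ground-truth oracle and is used only to score the attack; the adversary goes through `RateLimitedAPI`, which returns labels only and refuses calls past the budget.

```python
"""Toy black-box model-extraction attack under an API query budget, followed by
confidence-based selection of candidate samples for an evasion/poisoning step.
Added example, pure Python, no dependencies. Everything below is constructed."""
import math
import random

VOCAB = ["free", "win", "prize", "click", "urgent", "meeting",
         "report", "invoice", "thanks", "schedule", "lunch", "deadline"]

# Hidden target classifier (1 = spam). Constructed weights; the adversary never
# sees them and only observes labels through the API.
_TARGET_W = [2.0, 1.5, 2.5, 1.0, 1.5, -1.5, -1.0, -0.5, -1.0, -1.5, -1.0, -0.5]
_TARGET_B = -1.0


def featurize(doc):
    """Binary bag-of-words vector over VOCAB."""
    words = set(doc.split())
    return [1.0 if w in words else 0.0 for w in VOCAB]


def target_label(x):
    """Ground-truth oracle. Used only for evaluation, never by the adversary."""
    return 1 if sum(w * xi for w, xi in zip(_TARGET_W, x)) + _TARGET_B > 0 else 0


class RateLimitExceeded(Exception):
    pass


class RateLimitedAPI:
    """Black-box API: returns a label only (no scores) and only `budget` times."""
    def __init__(self, budget):
        self.budget, self.calls = budget, 0

    def classify(self, doc):
        if self.calls >= self.budget:
            raise RateLimitExceeded("query budget of %d exhausted" % self.budget)
        self.calls += 1
        return target_label(featurize(doc))


def random_doc(rng, max_len=5):
    """Adversary's query generator: random short documents over VOCAB (constructed)."""
    return " ".join(rng.choice(VOCAB) for _ in range(rng.randint(1, max_len)))


def collect_training_data(api, rng, n):
    """Exploratory attack: spend n API calls harvesting (features, label) pairs."""
    data = []
    for _ in range(n):
        doc = random_doc(rng)
        data.append((featurize(doc), api.classify(doc)))
    return data


def predict_proba(model, x):
    w, b = model
    z = sum(wj * xj for wj, xj in zip(w, x)) + b
    return 1.0 / (1.0 + math.exp(-z))


def train_surrogate(data, epochs=400, lr=0.5):
    """Logistic regression by full-batch gradient descent; returns (w, b)."""
    d, n = len(VOCAB), len(data)
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, y in data:
            err = predict_proba((w, b), x) - y
            for j in range(d):
                gw[j] += err * x[j]
            gb += err
        w = [wj - lr * gj / n for wj, gj in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def agreement(model, docs):
    """Fraction of docs on which surrogate and target agree (evaluation only)."""
    hits = 0
    for d in docs:
        x = featurize(d)
        if (predict_proba(model, x) > 0.5) == (target_label(x) == 1):
            hits += 1
    return hits / len(docs)


def select_by_confidence(model, docs, k):
    """Return the k docs the surrogate is least confident about (closest to 0.5).
    Near-boundary samples are the natural candidates for the evasion step and,
    with labels flipped, for the causative step."""
    return sorted(docs, key=lambda d: abs(predict_proba(model, featurize(d)) - 0.5))[:k]


def run_attack(budget=300, seed=1, held_out_size=500):
    """Full pipeline; returns (surrogate, agreement on held-out docs, held-out docs)."""
    rng = random.Random(seed)
    api = RateLimitedAPI(budget)
    model = train_surrogate(collect_training_data(api, rng, budget))
    held_out = [random_doc(rng) for _ in range(held_out_size)]
    return model, agreement(model, held_out), held_out


if __name__ == "__main__":
    for budget in (20, 300):
        model, acc, held = run_attack(budget=budget)
        print("budget %3d -> surrogate/target agreement %.3f" % (budget, acc))
    print("low-confidence candidates:", select_by_confidence(model, held, 5))
```

Two things to notice when running it: the budget directly bounds how much of the target the surrogate can recover, which is the gap the paper fills with GAN-generated training data, and the only signal the adversary has for choosing evasion or poisoning samples is the surrogate's own confidence, since the real API returned bare labels.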
